Re: [PATCH 0/1] uio_pci_generic: extensions to allow access fornon-privileged processes
From: Joerg Roedel
Date: Thu Apr 01 2010 - 12:57:36 EST
On Thu, Apr 01, 2010 at 05:25:04PM +0300, Michael S. Tsirkin wrote:
> On Wed, Mar 31, 2010 at 05:08:38PM -0700, Tom Lyon wrote:
> > uio_pci_generic has previously been discussed on the KVM list, but this patch
> > has nothing to do with KVM, so it is also going to LKML.
> > The point of this patch is to beef up the uio_pci_generic driver so that a
> > non-privileged user process can run a user level driver for most PCIe
> > devices. This can only be safe if there is an IOMMU in the system with
> > per-device domains.
> Why? Per-guest domain should be safe enough.
Hardware IOMMUs don't have something like a per-guest domain ;-)
Anyway, if we want to emulate an IOMMU in the guest and make this
working for pass-through devices too we need more than one domain per
guest. Essentially we may need one domain per device.
> > Privileged users (CAP_SYS_RAWIO) are allowed if there is
> > no IOMMU.
> qemu does not support it, I doubt this last option is worth having.
> For this reason, I think we should address the problem somwwhat
> - Create a character device to represent the iommu
> - This device will handle memory locking etc
> - Allow binding this device to iommu
> - Allow other operations only after iommu is bound
Yes, something like this is needed. But I think we can implement this in
the generic uio-pci-driver. A seperate interface which basically passes
the iommu-api functions to userspace doesn't make sense because it would
also be device-centric like the uio-pci-driver.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/